The ext4_group_add function in fs/ext4/resize.c in the Linux kernel
2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly
initialize the group descriptor during a resize (aka resize2fs)
operation, which might allow local users to cause a denial of service
(OOPS) by arranging for crafted values to be present in available
memory.